conf: warn if not having read-only access to keys

After dropping root privileges, log a warning message if chronyd
doesn't have read access or has (unnecessary) write access to the
files containing symmetric and server NTS keys.
Miroslav Lichvar
2023-01-25 14:29:06 +01:00
parent 9cba9c8585
commit 883b0dde94
5 changed files with 35 additions and 1 deletions

6
main.c

@@ -637,9 +637,13 @@ int main
}
/* Drop root privileges if the specified user has a non-zero UID */
if (!geteuid() && (pw->pw_uid || pw->pw_gid))
if (!geteuid() && (pw->pw_uid || pw->pw_gid)) {
SYS_DropRoot(pw->pw_uid, pw->pw_gid, SYS_MAIN_PROCESS);
/* Warn if missing read access or having write access to keys */
CNF_CheckReadOnlyAccess();
}
if (!geteuid())
LOG(LOGS_WARN, "Running with root privileges");